Test ID:	1.3.6.1.4.1.25623.1.0.840523
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1000-1)
Summary:	The remote host is missing an update for the 'linux, linux-ec2, linux-source-2.6.15' package(s) announced via the USN-1000-1 advisory.
Description:	Summary: The remote host is missing an update for the 'linux, linux-ec2, linux-source-2.6.15' package(s) announced via the USN-1000-1 advisory. Vulnerability Insight: Dan Rosenberg discovered that the RDS network protocol did not correctly check certain parameters. A local attacker could exploit this gain root privileges. (CVE-2010-3904) Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2009-4895) Dan Rosenberg discovered that the MOVE_EXT ext4 ioctl did not correctly check file permissions. A local attacker could overwrite append-only files, leading to potential data loss. (CVE-2010-2066) Dan Rosenberg discovered that the swapexit xfs ioctl did not correctly check file permissions. A local attacker could exploit this to read from write-only files, leading to a loss of privacy. (CVE-2010-2226) Suresh Jayaraman discovered that CIFS did not correctly validate certain response packets. A remote attacker could send specially crafted traffic that would crash the system, leading to a denial of service. (CVE-2010-2248) Ben Hutchings discovered that the ethtool interface did not correctly check certain sizes. A local attacker could perform malicious ioctl calls that could crash the system, leading to a denial of service. (CVE-2010-2478, CVE-2010-3084) James Chapman discovered that L2TP did not correctly evaluate checksum capabilities. If an attacker could make malicious routing changes, they could crash the system, leading to a denial of service. (CVE-2010-2495) Neil Brown discovered that NFSv4 did not correctly check certain write requests. A remote attacker could send specially crafted traffic that could crash the system or possibly gain root privileges. (CVE-2010-2521) David Howells discovered that DNS resolution in CIFS could be spoofed. A local attacker could exploit this to control DNS replies, leading to a loss of privacy and possible privilege escalation. (CVE-2010-2524) Dan Rosenberg discovered a flaw in gfs2 file system's handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. (CVE-2010-2525) Bob Peterson discovered that GFS2 rename operations did not correctly validate certain sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2010-2798) Eric Dumazet discovered that many network functions could leak kernel stack contents. A local attacker could exploit this to read portions of kernel memory, leading to a loss of privacy. (CVE-2010-2942, CVE-2010-3477) Sergey Vlasov discovered that JFS did not correctly handle certain extended attributes. A local attacker could bypass namespace access rules, leading to a loss of privacy. (CVE-2010-2946) Tavis Ormandy discovered that the IRDA subsystem did not correctly shut down. A local attacker could exploit this to cause the system to crash or possibly gain root privileges. (CVE-2010-2954) Tavis Ormandy discovered that the session ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'linux, linux-ec2, linux-source-2.6.15' package(s) on Ubuntu 6.06, Ubuntu 8.04, Ubuntu 9.04, Ubuntu 9.10, Ubuntu 10.04, Ubuntu 10.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4895 Debian Security Information: DSA-2094 (Google Search) http://www.debian.org/security/2010/dsa-2094 http://www.openwall.com/lists/oss-security/2010/06/15/2 http://www.openwall.com/lists/oss-security/2010/06/15/3 http://www.openwall.com/lists/oss-security/2010/06/15/4 http://www.openwall.com/lists/oss-security/2010/06/15/5 http://www.ubuntu.com/usn/USN-1000-1 Common Vulnerability Exposure (CVE) ID: CVE-2010-2066 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX http://www.securityfocus.com/archive/1/516397/100/0/threaded 43315 http://secunia.com/advisories/43315 RHSA-2010:0610 http://www.redhat.com/support/errata/RHSA-2010-0610.html SUSE-SA:2010:033 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html USN-1000-1 [oss-security] 20100607 CVE request - kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files http://www.openwall.com/lists/oss-security/2010/06/07/1 [oss-security] 20100609 Re: CVE request - kernel: ext4: Make sure the MOVE_EXT ioctl can't overwrite append-only files http://www.openwall.com/lists/oss-security/2010/06/09/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1f5a81e41f8b1a782c68d3843e9ec1bfaadf7d72 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35 http://www.vmware.com/security/advisories/VMSA-2011-0003.html https://bugzilla.redhat.com/show_bug.cgi?id=601006 Common Vulnerability Exposure (CVE) ID: CVE-2010-2226 40920 http://www.securityfocus.com/bid/40920 ADV-2011-0298 http://www.vupen.com/english/advisories/2011/0298 DSA-2094 MDVSA-2010:198 http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 SUSE-SA:2010:060 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html SUSE-SA:2011:007 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html [oss-security] 20100617 CVE request - kernel: xfs swapext ioctl issue http://marc.info/?l=oss-security&m=127677135609357&w=2 [oss-security] 20100618 Re: CVE request - kernel: xfs swapext ioctl issue http://marc.info/?l=oss-security&m=127687486331790&w=2 [xfs] 20100616 Re: [Security] XFS swapext ioctl minor security issues http://archives.free.net.ph/message/20100616.130710.301704aa.en.html http://archives.free.net.ph/message/20100616.135735.40f53a32.en.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1817176a86352f65210139d4c794ad2d19fc6b63 https://bugzilla.redhat.com/show_bug.cgi?id=605158 Common Vulnerability Exposure (CVE) ID: CVE-2010-2248 1024285 http://securitytracker.com/id?1024285 42242 http://www.securityfocus.com/bid/42242 MDVSA-2011:051 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 RHSA-2010:0606 https://rhn.redhat.com/errata/RHSA-2010-0606.html [oss-security] 20100628 CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server http://www.openwall.com/lists/oss-security/2010/06/28/1 [oss-security] 20100628 Re: CVE request - kernel: cifs: Fix a kernel BUG with remote OS/2 server http://www.openwall.com/lists/oss-security/2010/06/28/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6513a81e9325d712f1bfb9a1d7b750134e49ff18 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc4 https://bugzilla.redhat.com/show_bug.cgi?id=608583 Common Vulnerability Exposure (CVE) ID: CVE-2010-2478 41223 http://www.securityfocus.com/bid/41223 SUSE-SA:2010:040 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html [netdev] 20100628 [PATCH net-2.6 1/2] ethtool: Fix potential kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://article.gmane.org/gmane.linux.network/164869 [oss-security] 20100629 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/29/3 [oss-security] 20100629 kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/29/1 [oss-security] 20100630 Re: kernel: ethtool: kernel buffer overflow in ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/06/30/17 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db048b69037e7fa6a7d9e95a1271a50dc08ae233 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.7 https://bugzilla.redhat.com/show_bug.cgi?id=608950 Common Vulnerability Exposure (CVE) ID: CVE-2010-2495 [oss-security] 20100623 kernel: l2tp: Fix oops in pppol2tp_xmit http://www.openwall.com/lists/oss-security/2010/06/23/3 [oss-security] 20100704 Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit http://www.openwall.com/lists/oss-security/2010/07/04/3 [oss-security] 20100704 Re: kernel: l2tp: Fix oops in pppol2tp_xmit http://www.openwall.com/lists/oss-security/2010/07/04/2 [oss-security] 20100706 Re: CVE Request: kernel: l2tp: Fix oops in pppol2tp_xmit http://www.openwall.com/lists/oss-security/2010/07/06/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3feec9095d12e311b7d4eb7fe7e5dfa75d4a72a5 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 https://bugzilla.redhat.com/show_bug.cgi?id=607054 Common Vulnerability Exposure (CVE) ID: CVE-2010-2521 1024286 http://securitytracker.com/id?1024286 42249 http://www.securityfocus.com/bid/42249 ADV-2010-3050 http://www.vupen.com/english/advisories/2010/3050 RHSA-2010:0893 http://www.redhat.com/support/errata/RHSA-2010-0893.html RHSA-2010:0907 http://www.redhat.com/support/errata/RHSA-2010-0907.html [oss-security] 20100707 CVE request - kernel: nfsd4: bug in read_buf http://www.openwall.com/lists/oss-security/2010/07/07/1 [oss-security] 20100708 Re: CVE request - kernel: nfsd4: bug in read_buf http://www.openwall.com/lists/oss-security/2010/07/09/2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2bc3c1179c781b359d4f2f3439cb3df72afc17fc http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.34/ChangeLog-2.6.34-rc6 https://bugzilla.redhat.com/show_bug.cgi?id=612028 Common Vulnerability Exposure (CVE) ID: CVE-2010-2524 MDVSA-2010:172 http://www.mandriva.com/security/advisories?name=MDVSA-2010:172 [oss-security] 20100802 CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128072090331700&w=2 [oss-security] 20100802 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128078387328921&w=2 [oss-security] 20100803 Re: CVE-2010-2524 kernel: dns_resolver upcall security issue http://marc.info/?l=oss-security&m=128080755321157&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4c0c03ca54f72fdd5912516ad0a23ec5cf01bda7 https://bugzilla.redhat.com/show_bug.cgi?id=612166 Common Vulnerability Exposure (CVE) ID: CVE-2010-2525 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2646a1f61a3b5525914757f10fa12b5b94713648 https://ubuntu.com/security/CVE-2010-2525 Common Vulnerability Exposure (CVE) ID: CVE-2010-2798 1024386 http://securitytracker.com/id?1024386 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 42124 http://www.securityfocus.com/bid/42124 46397 http://secunia.com/advisories/46397 RHSA-2010:0660 http://www.redhat.com/support/errata/RHSA-2010-0660.html RHSA-2010:0670 http://www.redhat.com/support/errata/RHSA-2010-0670.html RHSA-2010:0723 http://www.redhat.com/support/errata/RHSA-2010-0723.html SUSE-SA:2010:054 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html [oss-security] 20100802 CVE request: kernel: gfs2: rename cases kernel panic http://www.openwall.com/lists/oss-security/2010/08/02/1 [oss-security] 20100802 Re: CVE request: kernel: gfs2: rename cases kernel panic http://www.openwall.com/lists/oss-security/2010/08/02/10 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=728a756b8fcd22d80e2dbba8117a8a3aafd3f203 http://support.avaya.com/css/P8/documents/100113326 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=620300 Common Vulnerability Exposure (CVE) ID: CVE-2010-2942 41512 http://secunia.com/advisories/41512 42529 http://www.securityfocus.com/bid/42529 ADV-2010-2430 http://www.vupen.com/english/advisories/2010/2430 RHSA-2010:0771 http://www.redhat.com/support/errata/RHSA-2010-0771.html RHSA-2010:0779 http://www.redhat.com/support/errata/RHSA-2010-0779.html SUSE-SA:2010:041 http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html [oss-security] 20100818 CVE request - kernel: net sched memleak http://www.openwall.com/lists/oss-security/2010/08/18/1 [oss-security] 20100819 Re: CVE request - kernel: net sched memleak http://www.openwall.com/lists/oss-security/2010/08/19/4 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=1c40be12f7d8ca1d387510d39787b12e512a7ce8 http://patchwork.ozlabs.org/patch/61857/ http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc2 https://bugzilla.redhat.com/show_bug.cgi?id=624903 Common Vulnerability Exposure (CVE) ID: CVE-2010-2946 41321 http://secunia.com/advisories/41321 42589 http://www.securityfocus.com/bid/42589 43291 http://secunia.com/advisories/43291 ADV-2011-0375 http://www.vupen.com/english/advisories/2011/0375 SUSE-SA:2011:008 http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html [oss-security] 20100820 CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others http://www.openwall.com/lists/oss-security/2010/08/20/1 [oss-security] 20100820 Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others http://www.openwall.com/lists/oss-security/2010/08/20/11 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.10 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.51 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.2 Common Vulnerability Exposure (CVE) ID: CVE-2010-2954 41234 http://secunia.com/advisories/41234 ADV-2010-2266 http://www.vupen.com/english/advisories/2010/2266 SUSE-SA:2010:050 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html [netdev] 20100830 [PATCH] irda: Correctly clean up self->ias_obj on irda_bind() failure. http://www.spinics.net/lists/netdev/msg139404.html [oss-security] 20100901 CVE-2010-2954 kernel: irda null ptr deref http://marc.info/?l=oss-security&m=128331787923285&w=2 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=628e300cccaa628d8fb92aa28cb7530a3d5f2257 http://twitter.com/taviso/statuses/22635752128 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc3-next-20100901.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=628770 kernel-irdabind-dos(61522) https://exchange.xforce.ibmcloud.com/vulnerabilities/61522 Common Vulnerability Exposure (CVE) ID: CVE-2010-2960 BugTraq ID: 42932 http://www.securityfocus.com/bid/42932 http://twitter.com/taviso/statuses/22777866582 http://www.openwall.com/lists/oss-security/2010/09/02/1 http://securitytracker.com/id?1024384 http://secunia.com/advisories/41263 SuSE Security Announcement: SUSE-SA:2010:050 (Google Search) SuSE Security Announcement: SUSE-SA:2011:007 (Google Search) XForce ISS Database: linux-kernel-keyctl-dos(61557) https://exchange.xforce.ibmcloud.com/vulnerabilities/61557 Common Vulnerability Exposure (CVE) ID: CVE-2010-2963 BugTraq ID: 44242 http://www.securityfocus.com/bid/44242 Debian Security Information: DSA-2126 (Google Search) http://www.debian.org/security/2010/dsa-2126 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:257 http://www.outflux.net/blog/archives/2010/10/19/cve-2010-2963-v4l-compat-exploit/ http://www.securitytracker.com/id?1024710 http://secunia.com/advisories/42745 SuSE Security Announcement: SUSE-SA:2010:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html SuSE Security Announcement: SUSE-SA:2010:057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00004.html http://www.vupen.com/english/advisories/2010/3321 Common Vulnerability Exposure (CVE) ID: CVE-2010-3015 BugTraq ID: 42477 http://www.securityfocus.com/bid/42477 Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search) http://www.mandriva.com/security/advisories?name=MDVSA-2010:247 http://www.mandriva.com/security/advisories?name=MDVSA-2011:029 http://marc.info/?l=oss-security&m=128192548904503&w=2 http://marc.info/?l=oss-security&m=128197862004376&w=2 http://marc.info/?l=oss-security&m=128201627016896&w=2 SuSE Security Announcement: SUSE-SA:2010:040 (Google Search) SuSE Security Announcement: SUSE-SA:2010:054 (Google Search) http://www.vupen.com/english/advisories/2010/3117 XForce ISS Database: kernel-stacksize-dos(61156) https://exchange.xforce.ibmcloud.com/vulnerabilities/61156 Common Vulnerability Exposure (CVE) ID: CVE-2010-3067 42778 http://secunia.com/advisories/42778 42801 http://secunia.com/advisories/42801 42890 http://secunia.com/advisories/42890 ADV-2011-0012 http://www.vupen.com/english/advisories/2011/0012 DSA-2126 MDVSA-2010:257 MDVSA-2011:029 RHSA-2010:0758 http://www.redhat.com/support/errata/RHSA-2010-0758.html RHSA-2010:0839 http://www.redhat.com/support/errata/RHSA-2010-0839.html RHSA-2011:0007 http://www.redhat.com/support/errata/RHSA-2011-0007.html SUSE-SA:2011:001 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00000.html SUSE-SA:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00001.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=75e1c70fc31490ef8a373ea2a4bea2524099b478 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc4-next-20100915.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=629441 kernel-doiosubmit-dos(61884) https://exchange.xforce.ibmcloud.com/vulnerabilities/61884 Common Vulnerability Exposure (CVE) ID: CVE-2010-3078 1024418 http://securitytracker.com/id?1024418 41284 http://secunia.com/advisories/41284 43022 http://www.securityfocus.com/bid/43022 [oss-security] 20100907 CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak http://www.openwall.com/lists/oss-security/2010/09/07/1 [oss-security] 20100907 Re: CVE request: kernel: xfs: XFS_IOC_FSGETXATTR ioctl memory leak http://www.openwall.com/lists/oss-security/2010/09/07/12 [xfs-masters] 20100906 [PATCH] xfs: prevent reading uninitialized stack memory http://www.linux.sgi.com/archives/xfs-masters/2010-09/msg00002.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc4 https://bugzilla.redhat.com/show_bug.cgi?id=630804 Common Vulnerability Exposure (CVE) ID: CVE-2010-3080 43062 http://www.securityfocus.com/bid/43062 [oss-security] 20100908 CVE-2010-3080 kernel: /dev/sequencer open failure is not handled correctly http://www.openwall.com/lists/oss-security/2010/09/08/7 http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=c598337660c21c0afaa9df5a65bb4a7a0cf15be8 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=27f7ad53829f79e799a253285318bff79ece15bd https://bugzilla.redhat.com/show_bug.cgi?id=630551 Common Vulnerability Exposure (CVE) ID: CVE-2010-3084 43098 http://www.securityfocus.com/bid/43098 RHSA-2010:0842 http://www.redhat.com/support/errata/RHSA-2010-0842.html [netdev] 20100907 [PATCH net-2.6] niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL http://www.spinics.net/lists/netdev/msg140133.html [oss-security] 20100909 CVE request: kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/09/09/1 [oss-security] 20100910 Re: CVE request: kernel: niu buffer overflow for ETHTOOL_GRXCLSRLALL http://www.openwall.com/lists/oss-security/2010/09/11/1 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ee9c5cfad29c8a13199962614b9b16f1c4137ac9 https://bugzilla.redhat.com/show_bug.cgi?id=632069 Common Vulnerability Exposure (CVE) ID: CVE-2010-3310 41493 http://secunia.com/advisories/41493 43368 http://www.securityfocus.com/bid/43368 68163 http://www.osvdb.org/68163 SUSE-SA:2010:051 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html [linux-netdev] 20100920 [PATCH] rose: Fix signedness issues wrt. digi count. http://marc.info/?l=linux-netdev&m=128502238927086&w=2 [oss-security] 20100921 CVE request: kernel: Heap corruption in ROSE http://www.openwall.com/lists/oss-security/2010/09/21/1 [oss-security] 20100921 Re: CVE request: kernel: Heap corruption in ROSE http://www.openwall.com/lists/oss-security/2010/09/21/2 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=9828e6e6e3f19efcb476c567b9999891d051f52f http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100923.bz2 kernel-rose-bind-dos(61953) https://exchange.xforce.ibmcloud.com/vulnerabilities/61953 Common Vulnerability Exposure (CVE) ID: CVE-2010-3432 42400 http://secunia.com/advisories/42400 42789 http://secunia.com/advisories/42789 43480 http://www.securityfocus.com/bid/43480 ADV-2010-3113 http://www.vupen.com/english/advisories/2010/3113 ADV-2011-0024 http://www.vupen.com/english/advisories/2011/0024 RHSA-2010:0936 http://www.redhat.com/support/errata/RHSA-2010-0936.html RHSA-2010:0958 http://www.redhat.com/support/errata/RHSA-2010-0958.html RHSA-2011:0004 http://www.redhat.com/support/errata/RHSA-2011-0004.html [netdev] 20100915 [PATCH] net: SCTP remote/local Denial of Service vulnerability description and fix http://marc.info/?l=linux-netdev&m=128453869227715&w=3 [oss-security] 20100924 CVE Request -- Linux/SCTP DoS in sctp_packet_config() http://marc.info/?l=oss-security&m=128534569803598&w=2 [oss-security] 20100925 Re: CVE Request -- Linux/SCTP DoS in sctp_packet_config() http://marc.info/?l=oss-security&m=128537701808336&w=2 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4bdab43323b459900578b200a4b8cf9713ac8fab http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.6 https://bugzilla.redhat.com/show_bug.cgi?id=637675 Common Vulnerability Exposure (CVE) ID: CVE-2010-3437 15150 http://www.exploit-db.com/exploits/15150/ 42932 http://secunia.com/advisories/42932 43551 http://www.securityfocus.com/bid/43551 ADV-2011-0124 http://www.vupen.com/english/advisories/2011/0124 SUSE-SA:2011:004 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00004.html [oss-security] 20100928 CVE request - kernel: pktcdvd ioctl dev_minor missing range check http://www.openwall.com/lists/oss-security/2010/09/28/2 [oss-security] 20100928 Re: CVE request - kernel: pktcdvd ioctl dev_minor missing range check http://www.openwall.com/lists/oss-security/2010/09/28/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=252a52aa4fa22a668f019e55b3aac3ff71ec1c29 http://jon.oberheide.org/files/cve-2010-3437.c http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc6 https://bugzilla.redhat.com/show_bug.cgi?id=638085 Common Vulnerability Exposure (CVE) ID: CVE-2010-3442 42745 43787 http://www.securityfocus.com/bid/43787 ADV-2010-3321 FEDORA-2010-18983 [oss-security] 20100929 CVE request - kernel: prevent heap corruption in snd_ctl_new() http://www.openwall.com/lists/oss-security/2010/09/29/2 [oss-security] 20100929 Re: CVE request - kernel: prevent heap corruption in snd_ctl_new() http://www.openwall.com/lists/oss-security/2010/09/29/3 http://www.openwall.com/lists/oss-security/2010/09/29/4 http://www.openwall.com/lists/oss-security/2010/09/29/9 http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git%3Ba=commit%3Bh=5591bf07225523600450edd9e6ad258bb877b779 http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.36-rc5-next-20100928.bz2 https://bugzilla.redhat.com/show_bug.cgi?id=638478 Common Vulnerability Exposure (CVE) ID: CVE-2010-3477 http://www.securitytracker.com/id?1024603 Common Vulnerability Exposure (CVE) ID: CVE-2010-3705 [linux-kernel] 20101001 [PATCH] Fix out-of-bounds reading in sctp_asoc_get_hmac() http://marc.info/?l=linux-kernel&m=128596992418814&w=2 [oss-security] 20101004 CVE request: kernel: SCTP memory corruption in HMAC handling http://www.openwall.com/lists/oss-security/2010/10/04/2 [oss-security] 20101004 Re: CVE request: kernel: SCTP memory corruption in HMAC handling http://www.openwall.com/lists/oss-security/2010/10/04/7 http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git%3Ba=commit%3Bh=51e97a12bef19b7e43199fc153cf9bd5f2140362 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 https://bugzilla.redhat.com/show_bug.cgi?id=640036 Common Vulnerability Exposure (CVE) ID: CVE-2010-3904 CERT/CC vulnerability note: VU#362983 http://www.kb.cert.org/vuls/id/362983 https://www.exploit-db.com/exploits/44677/ http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html http://www.vsecurity.com/download/tools/linux-rds-exploit.c http://www.vsecurity.com/resources/advisory/20101019-1/ http://www.redhat.com/support/errata/RHSA-2010-0792.html http://securitytracker.com/id?1024613
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.